Half of the infosec professionals in a recent Bitdefender study revealed that their organization doesn’t have a contingency plan in place for a situation like COVID-19 or a similar scenario, or that they didn’t know whether it did.
86% of respondents in our study, conducted by Sapio Research, admitted that attacks were on the rise during the pandemic, with phishing and whaling recording the biggest spike among the common attack vectors – a finding echoed in other recent studies. Nearly a third intend to leverage learnings and increase IT security training. However, at the moment, 50% (or one in two companies) have no contingency plan in place should a similar situation arise in the future.
Infosec professionals know that strategic changes need to be made rapidly. The significant majority agree that COVID-19 will change the way their businesses operate in the long term, a figure that jumps to 92% for those working in energy and 87% for those working in hospitality.
The rate at which attacks have seemingly increased is also concerning. Supply chain attacks, cyberwarfare and IoT as an attack vector are up by 38%, infosec pros say. In addition, ransomware is believed to be up by 31%, and DDoS attacks by 36%.
As more employees work from home, and possibly many more will do so in the future, IT professionals are concerned about the security implications. A third of respondents say they fear that employees are feeling more relaxed about security issues because of their surroundings, and that employees not sticking to protocol, especially in terms of identifying and flagging suspicious activity, is a worry. Two in five say that employees using untrusted networks is a risk to their organization, and 38% say there is a definitive risk in another person having access to an employee's company device.
Financial services (43%), healthcare (34%), and the public sector (29%) face the biggest cybersecurity risks at the moment, respondents said.
As a result of the increase in home working, many changes have been made to security strategies. Yet, despite their fears of a rise in attacks, only 14% of organizations in our study have invested a significant amount of money in upgrading security stacks. Only 12% have bought additional cybersecurity insurance, and only 11% have implemented a zero-trust policy — all of which indicates more changes are still to be made.